Marc Munro <marc@bloodnok.com> writes:
> On Mon, 2020-02-17 at 22:48 -0500, Tom Lane wrote:
>> An RLS policy is a table "subsidiary object" so it only depends indirectly
>> on the extension that owns the table.
> Yep, I get that, and I see the dependency chain in the catalog.
> However an extension can create the table with or without the policy,
> and a table created by an extension without policy can later have a
> policy added, and, unless I'm missing something, the same dependency
> chain exists in either case.
> This means that I cannot tell whether the policy was added by the
> extension or not.
I can't get very excited about that, since the same argument could be
made about triggers, indexes, or rules attached to a table, but no
one has yet complained about those cases. It's fairly hard to see the
use-case where it matters, anyway. If you're attaching policies to
tables owned by an extension after-the-fact, you're modifying the
definition of an extension-owned object, which is at best really poor
practice. We say up-front that you cannot expect the extension
mechanism to track the effects of such changes.
regards, tom lane
